Whitebox fuzzing is a form of security testing of application code based upon dynamic test generation. During testing, the application code is executed symbolically to gather constraints on code inputs from the conditional statements encountered during execution. These constraints are systematically solved using a constraint solver to generate new test inputs that exercise different execution paths of the program. One goal of whitebox fuzzing is to test as many execution paths of the application code as possible, thereby increasing the likelihood that security vulnerabilities will be identified.
The use of whitebox fuzzing has been expanded from merely testing units of application code to testing entire programs or applications, which may have billions of instructions and/or execution paths. Executing every possible execution path of the application code may therefore be costly in terms of time and/or computational resources. As computational demands and the load on whitebox fuzzers increase, the rate at which programs can be checked for security vulnerabilities such as buffer overflow errors decreases. Thus, while whitebox fuzzing has had increasing success in program code analysis, significant challenges remain: increasing code coverage and the number of security vulnerabilities found, while avoiding large increases in, or even reducing, the computational and time costs usually associated with such improvements.
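The following is an added illustration, not code from the disclosure: a toy whitebox fuzzer that runs a constructed target on a concrete input, logs the byte-equality constraints from each conditional it passes, and negates each constraint in turn to generate a child input that follows the same path up to that branch and then diverges (a generational search). The target program, the `Tracer` class and the `negate` "solver" are hypothetical simplifications standing in for symbolic execution and a real constraint solver.

```python
from typing import Dict, List, Tuple

# One path constraint: (input byte index, constant compared against, branch taken?)
Constraint = Tuple[int, int, bool]

class Tracer:
    """Runs the target on a concrete input while logging each branch condition."""
    def __init__(self, data: bytes):
        self.data = data
        self.path: List[Constraint] = []

    def eq(self, index: int, value: int) -> bool:
        taken = self.data[index] == value
        self.path.append((index, value, taken))
        return taken

def target(t: Tracer) -> str:
    """Hypothetical program under test (constructed): nested header checks."""
    if t.eq(0, 0x42):           # magic byte 'B'
        if t.eq(1, 0x41):       # record type 'A'
            if t.eq(2, 0x44):   # flag 'D' leads to the buggy path
                return "CRASH"  # stands in for a buffer overflow deep in the code
            return "header-ok"
        return "bad-type"
    return "bad-magic"

def negate(seed: bytes, c: Constraint) -> bytes:
    """Toy constraint solver for byte-equality constraints: the seed already
    satisfies every earlier constraint on its path, so flipping just this one
    yields an input that follows the same path up to here, then diverges."""
    index, value, taken = c
    out = bytearray(seed)
    out[index] = (value + 1) & 0xFF if taken else value
    return bytes(out)

def whitebox_fuzz(seed: bytes, max_runs: int = 50) -> Dict[bytes, str]:
    """Generational search: every constraint on a run's path spawns one child input."""
    results: Dict[bytes, str] = {}
    seen, queue = {seed}, [seed]
    while queue and len(results) < max_runs:
        inp = queue.pop(0)
        t = Tracer(inp)
        results[inp] = target(t)
        for c in t.path:
            child = negate(inp, c)
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return results
```

Starting from the all-zero seed, the search reaches every outcome of `target`, including the "CRASH" path behind three nested checks, with a handful of runs; the `max_runs` bound is the knob that trades coverage against the computational cost discussed above.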
It is with respect to these and other considerations that the disclosure made herein is presented.